Photo via Daniel Oines/Flickr (CC BY 2.0)

AT&T’s shady way of sneaking ads into free Wi-Fi hotspots might be illegal

This is the price of free Wi-Fi


AJ Dellinger


Posted on Aug 26, 2015   Updated on May 28, 2021, 2:19 am CDT

AT&T provides free Wi-Fi in public areas like airports, but the service isn’t as free as you think. According to a recent report, AT&T has been injecting advertising into the browsers of users connected to the hotspot. 

Jonathan Mayer, a computer scientist and lawyer at Stanford, first reported on the issue on his blog, Web Policy, after noticing odd ads popping up on his university’s website. Other sites already supported by ad placement were inundated with additional banners and popups that didn’t appear to be associated with the site itself.

All of the additional advertisements being pushed into the browser experience, Mayer found, were from AT&T. Some additional digging revealed that the service provider was injecting ads into unsecured HTTP traffic with a platform provided by network monetization startup RaGaPa. In short, AT&T is monetizing its “free” Wi-Fi hotspots. 

When a person who is connected to AT&T’s hotspot attempts to navigate to an HTTP webpage, the hotspot makes three edits. First, it adds an advertising stylesheet to host the popup, then it creates a backup advertisement, and employs two scripts that pull advertising content from third-party providers and pushes in front of the webpage content.

AT&T’s terms of service provided to users who connect with the company’s hotspots makes no mention of injected advertising, which gives the user no opportunity to opt out of the experience. The advertisements are also unmarked, so the origin of them are obscured.

The act of injecting ads isn’t explicitly illegal, though Mayer suggests there are plenty of rules that strongly discourage it. Under the Federal Communications Commission’s (FCC) net neutrality rules, it would have to be shown that the ads in question are “unreasonably interfering with” or “unreasonably disadvantaging” consumer or website connectivity. 

If AT&T is routing traffic through servers hosted by RaGaPa, Mayer suggests that wiretapping statutes could come into effect, though he did not test to find if the traffic was being directed in such a way.

H/T Web Policy | Photo via Daniel Oines/Flickr (CC BY 2.0)

Share this article
*First Published: Aug 26, 2015, 4:54 pm CDT